In this tutorial I will show you how to extract SSL certificate and key from PFX file and also how to remove a password from a private SSL key.
If you have landed on this tutorial and do not have PFX certificate file please visit: Migrate (move) SSL certificate from Windows to Linux.

The certificate extraction can be done with a tool called Open SSL that you may install from the Linux server repository, or take the source from here: OpenSSL. Also you can use the Windows version: OpenSSL for Windows.

Once you have it installed go to the folder where the PFX certificate is located and execute the following commands:

C++

1

2

3

4

5

6

7

8

# To export the private key from the pfx file:

openssl pkcs12-inwin_cert.pfx-nocerts-out key.pem

# To export the certificate from the pfx file:

openssl pkcs12-inwin_cert.pfx-clcerts-nokeys-out cert.pem

# And now remove the key password:

openssl rsa-inkey.pem-out key_with_no_pw.key

Probably from the comments, you guessed already what line what is doing, but I will explain these lines briefly:

The first line will export the private key from the windows certificate and since PFX key is always exported with a password, you will be prompted to enter one. So you must have it.

The second line will export certificate from the PFX file.

Again, you will need the PFX file password in order to remove it. In fact you can use the certificate with Apache server, but whenever it is restarted you will be prompted for a passphrase. If you choose this case, forget for automated Apache restarts and take in mind that you have to enter the pass after server restart. Like this one:

About the Author: Anthony G. is an IT specialist with more than 9 years of solid working experience in the Web Hosting industry. Currently works as server support administrator, involved in consultative discussions about Web Hosting and server administration. One of the first writers in the Onlinehowto.net website, now writing for Free Tutorials community - he is publishing tutorials and articles for the wide public, as well as specific technical solutions.

One note here: (I wrote that in the tutorial above)- if you decide to use the “-des3” option, and leave your key with password, on every web server (Apache for example) will ask for the key password, and you should forget for automated webserver restarts.

So I went ahead and installed OpenSSL for Windows. I’ve exported a .pfx file with my certificate and key. You said, “Once you have it installed go to the folder where the PFX certificate is located and execute the following commands:”. How exactly do I execute those commands? I tried using the CMD prompt and got an error that said, “openssl is not reconized as an internal or external command, operable program or batch file”.

Now what? There is no “application” with OpenSSL for Windows. How do I execute that command?

The application is located probably in Program Files\OpenSSL folder.
To run the OpenSSL command go to CMD (command line) go to the OpenSSL for example
cd \program files\openssl
– and there you will be able to execute the commands as described